In the absence of the -v (verify) option setcap sets the capabilities
of each specified filename to the capabilities specified. The
optional -n <rootid> argument can be used to set the file capability
for use only in a namespace with this rootid owner. The -v option is
used to verify that the specified capabilities are currently
associated with the file. If -v and -n are supplied, the -n <rootid>
argument is also verified.
The capabilities are specified in the form described in
cap_from_text(3).
The special capability string, '-', can be used to indicate that
capabilities are read from the standard input. In such cases, the
capability set is terminated with a blank line.
The special capability string, '-r', is used to remove a capability
set from a file. Note, setting an empty capability set is not thesame as removing it. An empty set can be used to guarantee a file is
not executed with privilege inspite of the fact that the prevailing
ambient+inheritable sets would otherwise bestow capabilities on
executed binaries.
The -q flag is used to make the program less verbose in its output.

This page is part of the libcap (capabilities commands and library)
project. Information about the project can be found at
⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩. If you have
a bug report for this manual page, send it to morgan@kernel.org
(please put "libcap" in the Subject line). This page was obtained
from the project's upstream Git repository
⟨https://git.kernel.org/pub/scm/libs/libcap/libcap.git/⟩ on
2019-05-09. (At that time, the date of the most recent commit that
was found in the repository was 2019-04-21.) If you discover any
rendering problems in this HTML version of the page, or you believe
there is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
11 September 2018 SETCAP(8)